Hello,

I am currently trying to sign a file with an iasecc compliant smartcard and openssl, but I can't find out how to specify the private key to use.
The private key I want to select "belongs" to the ECC Generic ID application. When signing with the pkcs15-crypt tool, I execute the following command and it works well:

    pkcs15-crypt --aid E828BD080FD25047656E65726963 -k $my_key_id --sign --pkcs1 --sha-1 --input data-1.sha1 --pin $my_pin --output data-1.auth.sig

When using openssl, I use the following commands:

    openssl
    OpenSSL> engine -t dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so
    (dynamic) Dynamic engine loading support
    [Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so
    [Success]: ID:pkcs11
    [Success]: LIST_ADD:1
    [Success]: LOAD
    [Success]: MODULE_PATH:/usr/lib/opensc-pkcs11.so
    Loaded: (pkcs11) pkcs11 engine
         [ available ]
    OpenSSL> smime -nodetach -binary -outform PEM -sign -signer $my_cert pem -inkey $my_key_id -keyform engine -in data-1.txt -out test.p7m -engine pkcs11
    engine "pkcs11" set.
    Invalid slot number: 0
    PKCS11_get_private_key returned NULL
    cannot load signing key file from engine
    3611:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:eng_pkey.c:126:
    unable to load signing key file
    error in smime
    OpenSSL>

The problem is that I couldn't find how to specify $my_key_id in the latter case.

By the way:
- I don't know if it is possible to also reference the certificate associated with the key stored in the card; I use a pem file extracted previously.
- I don't know how the PIN will be managed when needed.

Any help will be greatly appreciated!

--
Jean-Pierre Fortune

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel